Deutsch | English

[CERT-daily] Tageszusammenfassung - Freitag 29-08-2014

Daily end-of-shift report team at cert.at
Fri Aug 29 18:10:25 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Donnerstag 28-08-2014 18:00 − Freitag 29-08-2014 18:00
Handler:     Robert Waldner
Co-Handler:  Alexander Riepl



*** Heartbleed is the gift that keeps on giving as servers remain unpatched ***
---------------------------------------------
An average of 7,000 attacks continue to seek out servers vulnerable to the bug.
---------------------------------------------
http://arstechnica.com/security/2014/08/heartbleed-is-the-gift-that-keeps-on-giving-as-servers-remain-unpatched/




*** PCI Council urges retailers to defend against Backoff POS attacks ***
---------------------------------------------
The warning comes soon after the Secret Service and DHS issues a warning on the threat.
---------------------------------------------
http://www.scmagazine.com/pci-council-urges-retailers-to-defend-against-backoff-pos-attacks/article/368640/



*** Multiple vulnerabilities in Cisco products ***
---------------------------------------------
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3350
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3352
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3349




*** Django REMOTE_USER header security bypass ***
---------------------------------------------
http://xforce.iss.net/xforce/xfdb/95569




*** IBM Security Bulletin: Current Release of IBM SDK for Node.js is affected by CVE-2014-5256 ***
---------------------------------------------
https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_current_release_of_ibm_sdk_for_node_js_is_affected_by_cve_2014_5256?lang=en_us




*** Scanbox: A Reconnaissance Framework Used with Watering Hole Attacks ***
---------------------------------------------
A few days ago we detected a watering hole campaign in a website owned by one big industrial company.The website is related to software used for simulation and system engineering in a wide range of industries, including automotive, aerospace, and manufacturing.The attackers were able to compromise the website and include code that loaded a malicious Javascript ..
---------------------------------------------
http://www.alienvault.com/open-threat-exchange/blog/scanbox-a-reconnaissance-framework-used-on-watering-hole-attacks




*** Squid Range Header Processing Flaw Lets Remote Users Deny Service ***
---------------------------------------------
http://www.securitytracker.com/id/1030779




*** F5 BIG-IP ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files ***
---------------------------------------------
http://www.securitytracker.com/id/1030778




*** F5 Enterprise Manager ConfigSync Access Control Flaw Lets Remote Users Read and Write Arbitrary Files ***
---------------------------------------------
http://www.securitytracker.com/id/1030777




*** Sinkholing the Backoff POS Trojan ***
---------------------------------------------
There is currently a lot of buzz about the Backoff point-of-sale Trojan that is designed to steal credit card information from computers that have POS terminals attached.
---------------------------------------------
https://securelist.com/blog/research/66305/sinkholing-the-backoff-pos-trojan/




*** Nearly 100k Bugzilla Users Affected by Data Disclosure ***
---------------------------------------------
The email addresses and encrypted passwords of nearly 100,000 users of Mozilla's Bugzilla system were left on a publicly accessible server for several months earlier this year, the company said. The disclosure comes just a few weeks after Mozilla advised members of its Mozilla Developer ..
---------------------------------------------
http://threatpost.com/nearly-100k-bugzilla-users-affected-by-data-disclosure/107973






More information about the Daily mailing list
Kontakt
Email: reports@cert.at
Tel.: +43 1 5056416 78
mehr ...
Warnungen
mehr ...
Blog
mehr ...
Jahresbericht 2017
Ein Resumee zur digitalen Sicherheitslage in Österreich

(HTML, PDF).
Letzte Änderung: 2018/5/28 - 15:00:00
Haftungsausschluss / Datenschutzerklärung